[Koha] ssl for koha login
Mason James
mtj at kohaaloha.com
Wed Jun 6 16:06:21 NZST 2018
On 6/06/18 3:45 pm, Mason James wrote:
>
> On 5/06/18 2:18 pm, Alvaro Cornejo wrote:
>> Hi
>>
>> I´m trying to setup a ssl connection to Koha (using letsEncrypt certs ) so
>> my users, admin and opac can have a secure connection.
>>
>> I´ve folllowed letsEncrypt & certbot instrucctions but neither opac nor
>> admin pages work.
>>
>> I´ve tried directing connections manually and configuring apache for
>> redirect unsuccessfully.
>>
>> Any hints on this?
>>
>> This is mostly to avoid the upcoming chrome config where it will display an
>> unsafe site warning to any site requiring login that does not use ssl
>>
>> Regards,
>>
>> Alvaro
>> _______________________________________________
>> Koha mailing list http://koha-community.org
>> Koha at lists.katipo.co.nz
>> https://lists.katipo.co.nz/mailman/listinfo/koha
> hi Alvaro
>
> here's an apache config that has worked well for me
>
> it has some extra magic to improve it's SSL score
>
> the config now gets an 'A+' on the following site...
> https://www.ssllabs.com/ssltest
>
> i'll aim to add this to the Koha wiki
>
> cheers, Mason
>
>
...and here's a nice 'cert renew' solution, using LE's cli.ini file
root at deb8:/# cat /etc/letsencrypt/cli.ini
domains = demo.foo.org, demo-admin.foo.org
root at deb8:/# cat /etc/cron.d/certbot
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# -n for non-interactive
0 1 * * * root service apache2 stop ; perl -e 'sleep
int(rand(3600))' && /usr/bin/certbot certonly --expand -n
--standalone --config /etc/letsencrypt/cli.ini ; service apache2 start
More information about the Koha
mailing list